A Risk Assessment is an Opportunity Assessment

A Participant’s View of the 2017 PDA QRM Workshop

It was a pleasure attending the 2017 PDA Quality Risk Management for Manufacturing Systems Workshop this June in Chicago. This interactive workshop featured thought-provoking presentations from leaders in quality risk management (QRM) and opportunities to discuss specific QRM scenarios in breakout groups. As an attendee, I want to share some of what I learned with the wider PDA membership.

Effective QRM is key to product quality. To master future challenges, our industry needs to take a collaborative approach with regulators as pharma is a challenging environment with more complex products, increased reporting to regulators, and expansive globalization of supply chains. Continuous manufacturing and personalized medicine are some of the disruptive trends affecting the industry.

The industry remains committed to maintaining the bar high on product quality. Keeping the promise of high quality means a deep understanding of the product and process, built on identifying and proactively managing risks inherent to real-life production processes. QRM is, therefore, not solely a regulatory need; it is an essential tool for the company to know that products are safe.

Quality has, and is, value. Bad quality has significant influence on both the patient and the brand. An integrated, cross-functional culture of risk- and science-based decision-making is key. Cross-functionality ensures different functional expertise in the working group for the holistic approach. QRM must always be backed by senior leadership as it may require dedicated resource allocation.

Effort put into risk management processes is sometimes extensive, which makes it essential to start with a clear risk question, followed by a Manufacturing System Characterization, using either a Process Risk Assessment or by System Risk Assessment. A broad lineup of risk management tools is available—there is no one-size-fits-all solution. Nonexhaustive examples of risk management tools consist of basic risk management facilitation methods (flowcharts, check sheets, etc.), Failure Mode Effects Analysis (FMEA), Failure Mode Effects and Criticality Analysis (FMECA), Fault Tree Analysis (FTA), Hazard Analysis and Critical Control Points (HACCP), Hazard Operability Analysis (HAZOP), Preliminary Hazard Analysis (PHA), risk ranking and filtering, and supporting statistical tools. It might be appropriate to adapt these tools for specific issues. Risks can also be assessed and managed by internal procedures (Standard Operating Procedures).

Significantly reducing the probability of occurrence of risks backs the basic homework of qualification, validation, monitoring, training of people, etc.

It also pays back in many ways to:

• Dive into the Risk Assessment (RA)
• Implement risk control activities occurring throughout the design
• Integrate commissioning and qualification phase and operational phase of a system
• Reduce the operational and quality risks associated with the system
• Support a successful commissioning and qualification
• Assure system effectiveness and continued process verification

A good RA states the risks, impact and what is done for management, and the risk rating goes straight into control. An opposite example is an RA with a predetermined outcome—one of the top-ranking reasons an RA fails.

Companies often struggle to implement and/or develop an effective and supporting QRM system due to the fear of taking the risks virtually linked in current QRM system implementation. But playing it safe merely follows an audit-proven approach. Another impacting factor is the lack of understanding to deal meaningfully with available data from clinical development and/or routine GMP process. It pays to manage available data and to think about what types of data are needed prior to the creation of data.

The focus should be to determine if an RA truly adds value, e.g., there is no RA needed to tell that the labeling must be correct as that is simple GMP.

Risk management is not a one-time task, it follows a risk management lifecycle which includes a periodic reevaluation of risk management activities using new data and experience over time as, e.g., discrepancy management and investigation data, customer complaint and adverse event data, change control data, internal audit data, walk-through inspection and external inspection data, predictive/preventive maintenance data, calibration data, work orders, manufacturing system monitoring trends, regulatory guidance and standards, and related industry trending data and scientific publications. The risk review can either be event-based or time-based. The risk review covers the important task to span the bridge between QRM and knowledge management and is an effective tool to measure risk reduction as well. A QRM process must always be accompanied by an integrated risk communication, aligning stakeholders and process environment on risks.

Ultimately, I took away from this workshop that a well set-up, diversely structured and coherently communicated QRM process is a powerful tool to keep our promise to patients.